package com.tx.spring_security.spring_security_demo.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

/**
 * @author ：tx
 * @description：
 * @date ：Created in 2019/8/16 14:52
 * @modified By：
 * @version:
 */
@Controller
public class LoginController {

    @RequestMapping("/login")
    public String login(Model model,
                        @RequestParam(name = "error", required = false) String error){
        String msg = "";
        if(error != null){
            //http://localhost:8080/login?error  登录错误时只有一个key为error，因此这里判断包不包含key
            msg = "用户名或密码错误";
        }
        model.addAttribute("msg",msg);
        return "login";
    }

    @RequestMapping("/login/form")
    public String loginForm(Model model){
        //没啥用
        model.addAttribute("msg","");
        return "index";
    }



    //请求授权   测试url
    @RequestMapping("/admin/showAdmin")
    public String showAdmin(Model model){
        model.addAttribute("msg","这是来自神秘的管理员的信息");
        return "index";
    }

    @RequestMapping("/user/findUserMessage")
    public String showUserMsg(Model model){
        model.addAttribute("msg","这是用户的信息，是谁查的呢？");
        return "index";
    }


    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @RequestMapping("/admin/showMethodAdmin")
    public String showMethodAdmin(Model model){
        model.addAttribute("msg","这是来自管理员的信息，有权限访问吗");
        return "index";
    }
}
